CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2015-8745
https://notcve.org/view.php?id=CVE-2015-8745
QEMU (aka Quick Emulator) built with a VMWARE VMXNET3 paravirtual NIC emulator support is vulnerable to crash issue. It could occur while reading Interrupt Mask Registers (IMR). A privileged (CAP_SYS_RAWIO) guest user could use this flaw to crash the QEMU process instance resulting in DoS. QEMU (también conocido como Quick Emulator) construido con un soporte de emulador VMWARE VMXNET3 paravirtual NIC es vulnerable a un problema de caída. Podría ocurrir mientras lee Interrupt Mask Registers (IMR). • http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=c6048f849c7e3f009786df76206e895 http://www.debian.org/security/2016/dsa-3471 http://www.openwall.com/lists/oss-security/2016/01/04/4 http://www.openwall.com/lists/oss-security/2016/01/04/7 http://www.securityfocus.com/bid/79822 http://www.securitytracker.com/id/1034575 https://bugzilla.redhat.com/show_bug.cgi?id=1270876 https://security.gentoo.org/glsa/201602-01 • CWE-617: Reachable Assertion •
CVSS: 6.5EPSS: 0%CPEs: 6EXPL: 0CVE-2015-8504
https://notcve.org/view.php?id=CVE-2015-8504
Qemu, when built with VNC display driver support, allows remote attackers to cause a denial of service (arithmetic exception and application crash) via crafted SetPixelFormat messages from a client. Qemu, cuando se construye con soporte de controlador de pantalla VNC, permite a atacantes remotos provocar una denegación de servicio (excepción aritmética y caída de aplicación) a través de mensajes SetPixelFormat manipulados desde un cliente. • http://git.qemu-project.org/?p=qemu.git%3Ba=commitdiff%3Bh=4c65fed8bdf96780735dbdb92a8 http://www.debian.org/security/2016/dsa-3469 http://www.debian.org/security/2016/dsa-3470 http://www.debian.org/security/2016/dsa-3471 http://www.openwall.com/lists/oss-security/2015/12/08/7 http://www.securityfocus.com/bid/78708 https://bugzilla.redhat.com/show_bug.cgi?id=1289541 https://security.gentoo.org/glsa/201602-01 • CWE-369: Divide By Zero •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2015-8558
https://notcve.org/view.php?id=CVE-2015-8558
The ehci_process_itd function in hw/usb/hcd-ehci.c in QEMU allows local guest OS administrators to cause a denial of service (infinite loop and CPU consumption) via a circular isochronous transfer descriptor (iTD) list. La función ehci_process_itd en hw/usb/hcd-ehci.c en QEMU permite a administradores de SO locales invitados provocar una denegación de servicio (bucle infinito y consumo de CPU) a través de una lista iTD (de descriptor de transferencia isócrona) circular. • http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=156a2e4dbffa85997636a7a39ef12da6f1b40254 http://www.debian.org/security/2016/dsa-3469 http://www.debian.org/security/2016/dsa-3470 http://www.debian.org/security/2016/dsa-3471 http://www.openwall.com/lists/oss-security/2015/12/14/16 http://www.openwall.com/lists/oss-security/2015/12/14/9 http://www.securityfocus.com/bid/80694 https://bugzilla.redhat.com/show_bug.cgi?id=1277983 https://lists.gnu.org/archive/html/qemu • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •
CVSS: 7.7EPSS: 0%CPEs: 19EXPL: 0CVE-2015-8567
https://notcve.org/view.php?id=CVE-2015-8567
Memory leak in net/vmxnet3.c in QEMU allows remote attackers to cause a denial of service (memory consumption). La pérdida de memoria en net/vmxnet3.c en QEMU permite a atacantes remotos provocar una denegación de servicio (consumo de memoria). • http://lists.fedoraproject.org/pipermail/package-announce/2016-February/176503.html http://lists.fedoraproject.org/pipermail/package-announce/2016-February/176558.html http://lists.fedoraproject.org/pipermail/package-announce/2016-January/175967.html http://lists.fedoraproject.org/pipermail/package-announce/2016-January/176300.html http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00010.html http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00012.html http://lists.opensuse.org/opensuse-secu • CWE-401: Missing Release of Memory after Effective Lifetime •
CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 0CVE-2015-8568
https://notcve.org/view.php?id=CVE-2015-8568
Memory leak in QEMU, when built with a VMWARE VMXNET3 paravirtual NIC emulator support, allows local guest users to cause a denial of service (host memory consumption) by trying to activate the vmxnet3 device repeatedly. La pérdida de memoria en QEMU, cuando se construye con un VMWARE VMXNET3 paravirtual NIC emulador de soporte, permite a los usuarios locales invitados a provocar una denegación de servicio (consumo de memoria del host) al intentar activar el dispositivo vmxnet3 repetidamente. • http://www.debian.org/security/2016/dsa-3471 http://www.openwall.com/lists/oss-security/2015/12/15/10 http://www.securityfocus.com/bid/79721 https://bugzilla.redhat.com/show_bug.cgi?id=1289816 https://lists.gnu.org/archive/html/qemu-devel/2015-12/msg02299.html https://security.gentoo.org/glsa/201602-01 • CWE-772: Missing Release of Resource after Effective Lifetime •